The Tangled Web—New from No Starch Press
Security Expert Michal Zalewski's Guide to Securing Modern Web Applications

San Francisco, CA, November 9, 2011—Modern web applications are built on a tangle of technologies developed over time and haphazardly patched together. Every piece of the web application stack, from HTTP requests to browser-side scripts, is riddled with important yet subtle security gotchas that developers need to understand in order to keep users safe online.

In The Tangled Web (No Starch Press, November 2011, 320 pp., $49.95, ISBN 9781593273880), Michal Zalewski, one of the world's top security experts and author of Google's Browser Security Handbook, explains how browsers work and why they're fundamentally insecure. Rather than simply list known vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. The book opens with a comprehensive examination of browser mechanisms, the historical reasons behind their design, and the security consequences involved. After examining and dissecting the security mechanisms available for web applications, Zalewski outlines anticipated future developments in browser security, including planned HTML5 features.

"Since Silence on the Wire, readers have been waiting for Zalewski's next book," said No Starch Press Founder Bill Pollock. "As applications migrate to the Web, exposing our private data to a wide range of attacks, the security community is badly in need of instruction on how to make web applications more secure. Zalewski offers real insight."

Michal Zalewski is an internationally recognized information security expert with a long track record of delivering cutting-edge research. He is credited with discovering hundreds of notable security vulnerabilities and frequently appears on lists of the most influential security experts. He is the author of Silence on the Wire (No Starch Press), Google's Browser Security Handbook, and numerous important research papers.

Praise for The Tangled Web
"Thorough and comprehensive coverage from one of the foremost experts in browser security."
—TAVIS ORMANDY, GOOGLE INC.

"A must-read for anyone who values their security and privacy online."
—COLLIN JACKSON, RESEARCHER AT THE CARNEGIE MELLON WEB SECURITY GROUP

"Perhaps the most thorough and insightful treatise on the state of security for web-driven technologies to date. A must have!"
—MARK DOWD, AZIMUTH SECURITY, AUTHOR OF THE ART OF SOFTWARE SECURITY ASSESSMENT

About No Starch Press
Founded in 1994, No Starch Press publishes the finest in geek entertainment—unique books on technology, with a focus on open source, security, hacking, programming, alternative operating systems, LEGO, science, and math. Our titles have personality, our authors are passionate, and our books tackle topics that people care about. Visit http://www.nostarch.com for a complete catalog.

About O'Reilly
O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.

# # #

O'Reilly is a registered trademark of O'Reilly Media, Inc. All other trademarks are the property of their respective owners.